@webex/internal-plugin-encryption 3.0.0-beta.9 → 3.0.0-beta.90

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/README.md +1 -3
  2. package/dist/config.js +0 -9
  3. package/dist/config.js.map +1 -1
  4. package/dist/encryption.js +9 -60
  5. package/dist/encryption.js.map +1 -1
  6. package/dist/ensure-buffer.browser.js +0 -12
  7. package/dist/ensure-buffer.browser.js.map +1 -1
  8. package/dist/ensure-buffer.js +5 -12
  9. package/dist/ensure-buffer.js.map +1 -1
  10. package/dist/index.js +7 -33
  11. package/dist/index.js.map +1 -1
  12. package/dist/kms-batcher.js +6 -30
  13. package/dist/kms-batcher.js.map +1 -1
  14. package/dist/kms-certificate-validation.js +20 -88
  15. package/dist/kms-certificate-validation.js.map +1 -1
  16. package/dist/kms-dry-error-interceptor.js +1 -23
  17. package/dist/kms-dry-error-interceptor.js.map +1 -1
  18. package/dist/kms-errors.js +3 -50
  19. package/dist/kms-errors.js.map +1 -1
  20. package/dist/kms.js +74 -213
  21. package/dist/kms.js.map +1 -1
  22. package/package.json +15 -15
  23. package/src/config.js +3 -3
  24. package/src/encryption.js +66 -56
  25. package/src/ensure-buffer.browser.js +0 -1
  26. package/src/ensure-buffer.js +5 -5
  27. package/src/index.js +120 -96
  28. package/src/kms-batcher.js +50 -44
  29. package/src/kms-certificate-validation.js +45 -47
  30. package/src/kms-dry-error-interceptor.js +8 -4
  31. package/src/kms-errors.js +19 -16
  32. package/src/kms.js +210 -206
  33. package/test/integration/spec/encryption.js +311 -230
  34. package/test/integration/spec/kms.js +532 -404
  35. package/test/integration/spec/payload-transfom.js +69 -69
  36. package/test/unit/spec/encryption.js +16 -13
  37. package/test/unit/spec/kms-certificate-validation.js +41 -32
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["interceptors","process","env","NODE_ENV","KmsDryErrorInterceptor","create","registerInternalPlugin","Encryption","payloadTransformer","predicates","name","direction","test","ctx","options","resolve","body","kmsMessage","keyUris","length","resourceUri","includes","uri","extract","response","reason","Boolean","errorCode","transforms","fn","object","webex","internal","encryption","kms","prepareRequest","then","req","wrapped","decryptKmsMessage","promises","errors","map","error","description","desc","push","message","all","reject","DryError","config"],"sources":["index.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n// Note: There's a bug where if bind gets replayed because of a timeout in which\n// the original request eventually completed, there'll be an error indicating\n// the key can't be bound (because it already has been). This could be mitigated\n// by using Promise.race to resolve replays (as more requests get enqueue for a\n// specific action, accept whichever one completes first).\n\nimport {registerInternalPlugin} from '@webex/webex-core';\nimport {has, isObject, isString} from 'lodash';\n\nimport Encryption from './encryption';\nimport config from './config';\nimport {DryError} from './kms-errors';\nimport '@webex/internal-plugin-device';\nimport '@webex/internal-plugin-mercury';\nimport KmsDryErrorInterceptor from './kms-dry-error-interceptor';\n\nlet interceptors;\n\nif (process.env.NODE_ENV === 'test') {\n interceptors = {\n KmsDryErrorInterceptor: KmsDryErrorInterceptor.create\n };\n}\n\nregisterInternalPlugin('encryption', Encryption, {\n payloadTransformer: {\n predicates: [{\n name: 'encryptKmsMessage',\n direction: 'outbound',\n // I don't see any practical way to reduce complexity here.\n // eslint-disable-next-line complexity\n test(ctx, options) {\n if (!has(options, 'body.kmsMessage')) {\n return Promise.resolve(false);\n }\n\n if (!isObject(options.body.kmsMessage)) {\n return Promise.resolve(false);\n }\n\n // If this is a template for a kms message, assume another transform\n // will fill it in later. This is a bit of a leaky abstraction, but the\n // alternative is building a complex rules engine for controlling\n // ordering of transforms\n if (options.body.kmsMessage.keyUris && options.body.kmsMessage.keyUris.length === 0) {\n return Promise.resolve(false);\n }\n if (options.body.kmsMessage.resourceUri && (options.body.kmsMessage.resourceUri.includes('<KRO>') || options.body.kmsMessage.resourceUri.includes('<KEYURL>'))) {\n return Promise.resolve(false);\n }\n if (options.body.kmsMessage.uri && (options.body.kmsMessage.uri.includes('<KRO>') || options.body.kmsMessage.uri.includes('<KEYURL>'))) {\n return Promise.resolve(false);\n }\n\n return Promise.resolve(true);\n },\n extract(options) {\n return Promise.resolve(options.body);\n }\n }, {\n name: 'decryptKmsMessage',\n direction: 'inbound',\n test(ctx, response) {\n return Promise.resolve(has(response, 'body.kmsMessage') && isString(response.body.kmsMessage));\n },\n extract(response) {\n return Promise.resolve(response.body);\n }\n }, {\n name: 'decryptErrorResponse',\n direction: 'inbound',\n test(ctx, reason) {\n return Promise.resolve(Boolean(reason.body && reason.body.errorCode === 1900000));\n },\n extract(reason) {\n return Promise.resolve(reason);\n }\n }],\n transforms: [{\n name: 'encryptKmsMessage',\n fn(ctx, object) {\n if (!object) {\n return Promise.resolve();\n }\n\n if (!object.kmsMessage) {\n return Promise.resolve();\n }\n\n if (isString(object.kmsMessage)) {\n return Promise.resolve();\n }\n\n return ctx.webex.internal.encryption.kms.prepareRequest(object.kmsMessage)\n .then((req) => {\n object.kmsMessage = req.wrapped;\n });\n }\n }, {\n name: 'decryptKmsMessage',\n fn(ctx, object) {\n return ctx.webex.internal.encryption.kms.decryptKmsMessage(object.kmsMessage)\n .then((kmsMessage) => {\n object.kmsMessage = kmsMessage;\n });\n }\n }, {\n name: 'decryptErrorResponse',\n fn(ctx, reason) {\n const promises = reason.body.errors.map((error) => ctx.webex.internal.encryption.kms.decryptKmsMessage(error.description)\n .then((desc) => {\n error.description = desc;\n }));\n\n promises.push(ctx.webex.internal.encryption.kms.decryptKmsMessage(reason.body.message)\n .then((kmsMessage) => {\n reason.body.message = kmsMessage;\n }));\n\n return Promise.all(promises)\n .then(() => Promise.reject(new DryError(reason)));\n }\n }]\n },\n interceptors,\n config\n});\n\nexport {default} from './encryption';\nexport {default as KMS} from './kms';\nexport {KmsError, DryError} from './kms-errors';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAUA;;AAGA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAmHA;;AArIA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AAYA,IAAIA,YAAJ;;AAEA,IAAIC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,MAA7B,EAAqC;EACnCH,YAAY,GAAG;IACbI,sBAAsB,EAAEA,+BAAA,CAAuBC;EADlC,CAAf;AAGD;;AAED,IAAAC,iCAAA,EAAuB,YAAvB,EAAqCC,mBAArC,EAAiD;EAC/CC,kBAAkB,EAAE;IAClBC,UAAU,EAAE,CAAC;MACXC,IAAI,EAAE,mBADK;MAEXC,SAAS,EAAE,UAFA;MAGX;MACA;MACAC,IALW,gBAKNC,GALM,EAKDC,OALC,EAKQ;QACjB,IAAI,CAAC,mBAAIA,OAAJ,EAAa,iBAAb,CAAL,EAAsC;UACpC,OAAO,iBAAQC,OAAR,CAAgB,KAAhB,CAAP;QACD;;QAED,IAAI,CAAC,wBAASD,OAAO,CAACE,IAAR,CAAaC,UAAtB,CAAL,EAAwC;UACtC,OAAO,iBAAQF,OAAR,CAAgB,KAAhB,CAAP;QACD,CAPgB,CASjB;QACA;QACA;QACA;;;QACA,IAAID,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBC,OAAxB,IAAmCJ,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBC,OAAxB,CAAgCC,MAAhC,KAA2C,CAAlF,EAAqF;UACnF,OAAO,iBAAQJ,OAAR,CAAgB,KAAhB,CAAP;QACD;;QACD,IAAID,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBG,WAAxB,KAAwCN,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBG,WAAxB,CAAoCC,QAApC,CAA6C,OAA7C,KAAyDP,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBG,WAAxB,CAAoCC,QAApC,CAA6C,UAA7C,CAAjG,CAAJ,EAAgK;UAC9J,OAAO,iBAAQN,OAAR,CAAgB,KAAhB,CAAP;QACD;;QACD,IAAID,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBK,GAAxB,KAAgCR,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBK,GAAxB,CAA4BD,QAA5B,CAAqC,OAArC,KAAiDP,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBK,GAAxB,CAA4BD,QAA5B,CAAqC,UAArC,CAAjF,CAAJ,EAAwI;UACtI,OAAO,iBAAQN,OAAR,CAAgB,KAAhB,CAAP;QACD;;QAED,OAAO,iBAAQA,OAAR,CAAgB,IAAhB,CAAP;MACD,CA7BU;MA8BXQ,OA9BW,mBA8BHT,OA9BG,EA8BM;QACf,OAAO,iBAAQC,OAAR,CAAgBD,OAAO,CAACE,IAAxB,CAAP;MACD;IAhCU,CAAD,EAiCT;MACDN,IAAI,EAAE,mBADL;MAEDC,SAAS,EAAE,SAFV;MAGDC,IAHC,gBAGIC,GAHJ,EAGSW,QAHT,EAGmB;QAClB,OAAO,iBAAQT,OAAR,CAAgB,mBAAIS,QAAJ,EAAc,iBAAd,KAAoC,wBAASA,QAAQ,CAACR,IAAT,CAAcC,UAAvB,CAApD,CAAP;MACD,CALA;MAMDM,OANC,mBAMOC,QANP,EAMiB;QAChB,OAAO,iBAAQT,OAAR,CAAgBS,QAAQ,CAACR,IAAzB,CAAP;MACD;IARA,CAjCS,EA0CT;MACDN,IAAI,EAAE,sBADL;MAEDC,SAAS,EAAE,SAFV;MAGDC,IAHC,gBAGIC,GAHJ,EAGSY,MAHT,EAGiB;QAChB,OAAO,iBAAQV,OAAR,CAAgBW,OAAO,CAACD,MAAM,CAACT,IAAP,IAAeS,MAAM,CAACT,IAAP,CAAYW,SAAZ,KAA0B,OAA1C,CAAvB,CAAP;MACD,CALA;MAMDJ,OANC,mBAMOE,MANP,EAMe;QACd,OAAO,iBAAQV,OAAR,CAAgBU,MAAhB,CAAP;MACD;IARA,CA1CS,CADM;IAqDlBG,UAAU,EAAE,CAAC;MACXlB,IAAI,EAAE,mBADK;MAEXmB,EAFW,cAERhB,GAFQ,EAEHiB,MAFG,EAEK;QACd,IAAI,CAACA,MAAL,EAAa;UACX,OAAO,iBAAQf,OAAR,EAAP;QACD;;QAED,IAAI,CAACe,MAAM,CAACb,UAAZ,EAAwB;UACtB,OAAO,iBAAQF,OAAR,EAAP;QACD;;QAED,IAAI,wBAASe,MAAM,CAACb,UAAhB,CAAJ,EAAiC;UAC/B,OAAO,iBAAQF,OAAR,EAAP;QACD;;QAED,OAAOF,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCC,cAAlC,CAAiDL,MAAM,CAACb,UAAxD,EACJmB,IADI,CACC,UAACC,GAAD,EAAS;UACbP,MAAM,CAACb,UAAP,GAAoBoB,GAAG,CAACC,OAAxB;QACD,CAHI,CAAP;MAID;IAnBU,CAAD,EAoBT;MACD5B,IAAI,EAAE,mBADL;MAEDmB,EAFC,cAEEhB,GAFF,EAEOiB,MAFP,EAEe;QACd,OAAOjB,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCK,iBAAlC,CAAoDT,MAAM,CAACb,UAA3D,EACJmB,IADI,CACC,UAACnB,UAAD,EAAgB;UACpBa,MAAM,CAACb,UAAP,GAAoBA,UAApB;QACD,CAHI,CAAP;MAID;IAPA,CApBS,EA4BT;MACDP,IAAI,EAAE,sBADL;MAEDmB,EAFC,cAEEhB,GAFF,EAEOY,MAFP,EAEe;QACd,IAAMe,QAAQ,GAAGf,MAAM,CAACT,IAAP,CAAYyB,MAAZ,CAAmBC,GAAnB,CAAuB,UAACC,KAAD;UAAA,OAAW9B,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCK,iBAAlC,CAAoDI,KAAK,CAACC,WAA1D,EAChDR,IADgD,CAC3C,UAACS,IAAD,EAAU;YACdF,KAAK,CAACC,WAAN,GAAoBC,IAApB;UACD,CAHgD,CAAX;QAAA,CAAvB,CAAjB;QAKAL,QAAQ,CAACM,IAAT,CAAcjC,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCK,iBAAlC,CAAoDd,MAAM,CAACT,IAAP,CAAY+B,OAAhE,EACXX,IADW,CACN,UAACnB,UAAD,EAAgB;UACpBQ,MAAM,CAACT,IAAP,CAAY+B,OAAZ,GAAsB9B,UAAtB;QACD,CAHW,CAAd;QAKA,OAAO,iBAAQ+B,GAAR,CAAYR,QAAZ,EACJJ,IADI,CACC;UAAA,OAAM,iBAAQa,MAAR,CAAe,IAAIC,mBAAJ,CAAazB,MAAb,CAAf,CAAN;QAAA,CADD,CAAP;MAED;IAfA,CA5BS;EArDM,CAD2B;EAoG/CzB,YAAY,EAAZA,YApG+C;EAqG/CmD,MAAM,EAANA;AArG+C,CAAjD"}
1
+ {"version":3,"names":["interceptors","process","env","NODE_ENV","KmsDryErrorInterceptor","create","registerInternalPlugin","Encryption","payloadTransformer","predicates","name","direction","test","ctx","options","resolve","body","kmsMessage","keyUris","length","resourceUri","includes","uri","extract","response","reason","Boolean","errorCode","transforms","fn","object","webex","internal","encryption","kms","prepareRequest","then","req","wrapped","decryptKmsMessage","promises","errors","map","error","description","desc","push","message","all","reject","DryError","config"],"sources":["index.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n// Note: There's a bug where if bind gets replayed because of a timeout in which\n// the original request eventually completed, there'll be an error indicating\n// the key can't be bound (because it already has been). This could be mitigated\n// by using Promise.race to resolve replays (as more requests get enqueue for a\n// specific action, accept whichever one completes first).\n\nimport '@webex/internal-plugin-device';\n\nimport '@webex/internal-plugin-mercury';\n\nimport {registerInternalPlugin} from '@webex/webex-core';\nimport {has, isObject, isString} from 'lodash';\n\nimport Encryption from './encryption';\nimport config from './config';\nimport {DryError} from './kms-errors';\n\nimport KmsDryErrorInterceptor from './kms-dry-error-interceptor';\n\nlet interceptors;\n\nif (process.env.NODE_ENV === 'test') {\n interceptors = {\n KmsDryErrorInterceptor: KmsDryErrorInterceptor.create,\n };\n}\n\nregisterInternalPlugin('encryption', Encryption, {\n payloadTransformer: {\n predicates: [\n {\n name: 'encryptKmsMessage',\n direction: 'outbound',\n // I don't see any practical way to reduce complexity here.\n // eslint-disable-next-line complexity\n test(ctx, options) {\n if (!has(options, 'body.kmsMessage')) {\n return Promise.resolve(false);\n }\n\n if (!isObject(options.body.kmsMessage)) {\n return Promise.resolve(false);\n }\n\n // If this is a template for a kms message, assume another transform\n // will fill it in later. This is a bit of a leaky abstraction, but the\n // alternative is building a complex rules engine for controlling\n // ordering of transforms\n if (options.body.kmsMessage.keyUris && options.body.kmsMessage.keyUris.length === 0) {\n return Promise.resolve(false);\n }\n if (\n options.body.kmsMessage.resourceUri &&\n (options.body.kmsMessage.resourceUri.includes('<KRO>') ||\n options.body.kmsMessage.resourceUri.includes('<KEYURL>'))\n ) {\n return Promise.resolve(false);\n }\n if (\n options.body.kmsMessage.uri &&\n (options.body.kmsMessage.uri.includes('<KRO>') ||\n options.body.kmsMessage.uri.includes('<KEYURL>'))\n ) {\n return Promise.resolve(false);\n }\n\n return Promise.resolve(true);\n },\n extract(options) {\n return Promise.resolve(options.body);\n },\n },\n {\n name: 'decryptKmsMessage',\n direction: 'inbound',\n test(ctx, response) {\n return Promise.resolve(\n has(response, 'body.kmsMessage') && isString(response.body.kmsMessage)\n );\n },\n extract(response) {\n return Promise.resolve(response.body);\n },\n },\n {\n name: 'decryptErrorResponse',\n direction: 'inbound',\n test(ctx, reason) {\n return Promise.resolve(Boolean(reason.body && reason.body.errorCode === 1900000));\n },\n extract(reason) {\n return Promise.resolve(reason);\n },\n },\n ],\n transforms: [\n {\n name: 'encryptKmsMessage',\n fn(ctx, object) {\n if (!object) {\n return Promise.resolve();\n }\n\n if (!object.kmsMessage) {\n return Promise.resolve();\n }\n\n if (isString(object.kmsMessage)) {\n return Promise.resolve();\n }\n\n return ctx.webex.internal.encryption.kms.prepareRequest(object.kmsMessage).then((req) => {\n object.kmsMessage = req.wrapped;\n });\n },\n },\n {\n name: 'decryptKmsMessage',\n fn(ctx, object) {\n return ctx.webex.internal.encryption.kms\n .decryptKmsMessage(object.kmsMessage)\n .then((kmsMessage) => {\n object.kmsMessage = kmsMessage;\n });\n },\n },\n {\n name: 'decryptErrorResponse',\n fn(ctx, reason) {\n const promises = reason.body.errors.map((error) =>\n ctx.webex.internal.encryption.kms.decryptKmsMessage(error.description).then((desc) => {\n error.description = desc;\n })\n );\n\n promises.push(\n ctx.webex.internal.encryption.kms\n .decryptKmsMessage(reason.body.message)\n .then((kmsMessage) => {\n reason.body.message = kmsMessage;\n })\n );\n\n return Promise.all(promises).then(() => Promise.reject(new DryError(reason)));\n },\n },\n ],\n },\n interceptors,\n config,\n});\n\nexport {default} from './encryption';\nexport {default as KMS} from './kms';\nexport {KmsError, DryError} from './kms-errors';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAUA;AAEA;AAEA;AAGA;AACA;AACA;AAEA;AAwIA;AA7JA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAeA,IAAIA,YAAY;AAEhB,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,MAAM,EAAE;EACnCH,YAAY,GAAG;IACbI,sBAAsB,EAAEA,+BAAsB,CAACC;EACjD,CAAC;AACH;AAEA,IAAAC,iCAAsB,EAAC,YAAY,EAAEC,mBAAU,EAAE;EAC/CC,kBAAkB,EAAE;IAClBC,UAAU,EAAE,CACV;MACEC,IAAI,EAAE,mBAAmB;MACzBC,SAAS,EAAE,UAAU;MACrB;MACA;MACAC,IAAI,gBAACC,GAAG,EAAEC,OAAO,EAAE;QACjB,IAAI,CAAC,mBAAIA,OAAO,EAAE,iBAAiB,CAAC,EAAE;UACpC,OAAO,iBAAQC,OAAO,CAAC,KAAK,CAAC;QAC/B;QAEA,IAAI,CAAC,wBAASD,OAAO,CAACE,IAAI,CAACC,UAAU,CAAC,EAAE;UACtC,OAAO,iBAAQF,OAAO,CAAC,KAAK,CAAC;QAC/B;;QAEA;QACA;QACA;QACA;QACA,IAAID,OAAO,CAACE,IAAI,CAACC,UAAU,CAACC,OAAO,IAAIJ,OAAO,CAACE,IAAI,CAACC,UAAU,CAACC,OAAO,CAACC,MAAM,KAAK,CAAC,EAAE;UACnF,OAAO,iBAAQJ,OAAO,CAAC,KAAK,CAAC;QAC/B;QACA,IACED,OAAO,CAACE,IAAI,CAACC,UAAU,CAACG,WAAW,KAClCN,OAAO,CAACE,IAAI,CAACC,UAAU,CAACG,WAAW,CAACC,QAAQ,CAAC,OAAO,CAAC,IACpDP,OAAO,CAACE,IAAI,CAACC,UAAU,CAACG,WAAW,CAACC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAC3D;UACA,OAAO,iBAAQN,OAAO,CAAC,KAAK,CAAC;QAC/B;QACA,IACED,OAAO,CAACE,IAAI,CAACC,UAAU,CAACK,GAAG,KAC1BR,OAAO,CAACE,IAAI,CAACC,UAAU,CAACK,GAAG,CAACD,QAAQ,CAAC,OAAO,CAAC,IAC5CP,OAAO,CAACE,IAAI,CAACC,UAAU,CAACK,GAAG,CAACD,QAAQ,CAAC,UAAU,CAAC,CAAC,EACnD;UACA,OAAO,iBAAQN,OAAO,CAAC,KAAK,CAAC;QAC/B;QAEA,OAAO,iBAAQA,OAAO,CAAC,IAAI,CAAC;MAC9B,CAAC;MACDQ,OAAO,mBAACT,OAAO,EAAE;QACf,OAAO,iBAAQC,OAAO,CAACD,OAAO,CAACE,IAAI,CAAC;MACtC;IACF,CAAC,EACD;MACEN,IAAI,EAAE,mBAAmB;MACzBC,SAAS,EAAE,SAAS;MACpBC,IAAI,gBAACC,GAAG,EAAEW,QAAQ,EAAE;QAClB,OAAO,iBAAQT,OAAO,CACpB,mBAAIS,QAAQ,EAAE,iBAAiB,CAAC,IAAI,wBAASA,QAAQ,CAACR,IAAI,CAACC,UAAU,CAAC,CACvE;MACH,CAAC;MACDM,OAAO,mBAACC,QAAQ,EAAE;QAChB,OAAO,iBAAQT,OAAO,CAACS,QAAQ,CAACR,IAAI,CAAC;MACvC;IACF,CAAC,EACD;MACEN,IAAI,EAAE,sBAAsB;MAC5BC,SAAS,EAAE,SAAS;MACpBC,IAAI,gBAACC,GAAG,EAAEY,MAAM,EAAE;QAChB,OAAO,iBAAQV,OAAO,CAACW,OAAO,CAACD,MAAM,CAACT,IAAI,IAAIS,MAAM,CAACT,IAAI,CAACW,SAAS,KAAK,OAAO,CAAC,CAAC;MACnF,CAAC;MACDJ,OAAO,mBAACE,MAAM,EAAE;QACd,OAAO,iBAAQV,OAAO,CAACU,MAAM,CAAC;MAChC;IACF,CAAC,CACF;IACDG,UAAU,EAAE,CACV;MACElB,IAAI,EAAE,mBAAmB;MACzBmB,EAAE,cAAChB,GAAG,EAAEiB,MAAM,EAAE;QACd,IAAI,CAACA,MAAM,EAAE;UACX,OAAO,iBAAQf,OAAO,EAAE;QAC1B;QAEA,IAAI,CAACe,MAAM,CAACb,UAAU,EAAE;UACtB,OAAO,iBAAQF,OAAO,EAAE;QAC1B;QAEA,IAAI,wBAASe,MAAM,CAACb,UAAU,CAAC,EAAE;UAC/B,OAAO,iBAAQF,OAAO,EAAE;QAC1B;QAEA,OAAOF,GAAG,CAACkB,KAAK,CAACC,QAAQ,CAACC,UAAU,CAACC,GAAG,CAACC,cAAc,CAACL,MAAM,CAACb,UAAU,CAAC,CAACmB,IAAI,CAAC,UAACC,GAAG,EAAK;UACvFP,MAAM,CAACb,UAAU,GAAGoB,GAAG,CAACC,OAAO;QACjC,CAAC,CAAC;MACJ;IACF,CAAC,EACD;MACE5B,IAAI,EAAE,mBAAmB;MACzBmB,EAAE,cAAChB,GAAG,EAAEiB,MAAM,EAAE;QACd,OAAOjB,GAAG,CAACkB,KAAK,CAACC,QAAQ,CAACC,UAAU,CAACC,GAAG,CACrCK,iBAAiB,CAACT,MAAM,CAACb,UAAU,CAAC,CACpCmB,IAAI,CAAC,UAACnB,UAAU,EAAK;UACpBa,MAAM,CAACb,UAAU,GAAGA,UAAU;QAChC,CAAC,CAAC;MACN;IACF,CAAC,EACD;MACEP,IAAI,EAAE,sBAAsB;MAC5BmB,EAAE,cAAChB,GAAG,EAAEY,MAAM,EAAE;QACd,IAAMe,QAAQ,GAAGf,MAAM,CAACT,IAAI,CAACyB,MAAM,CAACC,GAAG,CAAC,UAACC,KAAK;UAAA,OAC5C9B,GAAG,CAACkB,KAAK,CAACC,QAAQ,CAACC,UAAU,CAACC,GAAG,CAACK,iBAAiB,CAACI,KAAK,CAACC,WAAW,CAAC,CAACR,IAAI,CAAC,UAACS,IAAI,EAAK;YACpFF,KAAK,CAACC,WAAW,GAAGC,IAAI;UAC1B,CAAC,CAAC;QAAA,EACH;QAEDL,QAAQ,CAACM,IAAI,CACXjC,GAAG,CAACkB,KAAK,CAACC,QAAQ,CAACC,UAAU,CAACC,GAAG,CAC9BK,iBAAiB,CAACd,MAAM,CAACT,IAAI,CAAC+B,OAAO,CAAC,CACtCX,IAAI,CAAC,UAACnB,UAAU,EAAK;UACpBQ,MAAM,CAACT,IAAI,CAAC+B,OAAO,GAAG9B,UAAU;QAClC,CAAC,CAAC,CACL;QAED,OAAO,iBAAQ+B,GAAG,CAACR,QAAQ,CAAC,CAACJ,IAAI,CAAC;UAAA,OAAM,iBAAQa,MAAM,CAAC,IAAIC,mBAAQ,CAACzB,MAAM,CAAC,CAAC;QAAA,EAAC;MAC/E;IACF,CAAC;EAEL,CAAC;EACDzB,YAAY,EAAZA,YAAY;EACZmD,MAAM,EAANA;AACF,CAAC,CAAC"}
package/dist/kms-batcher.js CHANGED
@@ -1,38 +1,28 @@
1
1
  "use strict";
2
2
 
3
3
  var _Object$defineProperty = require("@babel/runtime-corejs2/core-js/object/define-property");
4
-
5
4
  var _interopRequireDefault = require("@babel/runtime-corejs2/helpers/interopRequireDefault");
6
-
7
5
  _Object$defineProperty(exports, "__esModule", {
8
6
  value: true
9
7
  });
10
-
11
8
  exports.default = exports.TIMEOUT_SYMBOL = void 0;
12
-
13
9
  var _symbol = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/symbol"));
14
-
15
10
  var _promise = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/promise"));
16
-
17
11
  var _commonTimers = require("@webex/common-timers");
18
-
19
12
  var _webexCore = require("@webex/webex-core");
20
-
21
13
  var _kmsErrors = require("./kms-errors");
22
-
23
14
  /*!
24
15
  * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
25
16
  */
17
+
26
18
  var TIMEOUT_SYMBOL = (0, _symbol.default)('TIMEOUT_SYMBOL');
19
+
27
20
  /**
28
21
  * @class
29
22
  */
30
-
31
23
  exports.TIMEOUT_SYMBOL = TIMEOUT_SYMBOL;
32
-
33
24
  var KmsBatcher = _webexCore.Batcher.extend({
34
25
  namespace: 'Encryption',
35
-
36
26
  /**
37
27
  * Accepts a kmsMessage event and passes its contents to acceptItem
38
28
  * @param {Object} event
@@ -40,7 +30,6 @@ var KmsBatcher = _webexCore.Batcher.extend({
40
30
  */
41
31
  processKmsMessageEvent: function processKmsMessageEvent(event) {
42
32
  var _this = this;
43
-
44
33
  this.logger.info('kms-batcher: received kms message');
45
34
  return _promise.default.all(event.encryption.kmsMessages.map(function (kmsMessage) {
46
35
  return new _promise.default(function (resolve) {
@@ -48,12 +37,10 @@ var KmsBatcher = _webexCore.Batcher.extend({
48
37
  if (process.env.NODE_ENV !== 'production') {
49
38
  _this.logger.info('kms-batcher:', kmsMessage.body);
50
39
  }
51
-
52
40
  resolve(_this.acceptItem(kmsMessage));
53
41
  });
54
42
  }));
55
43
  },
56
-
57
44
  /**
58
45
  * Attaches a timeout to the given KMS message
59
46
  * @param {Object} item
@@ -61,25 +48,23 @@ var KmsBatcher = _webexCore.Batcher.extend({
61
48
  */
62
49
  prepareItem: function prepareItem(item) {
63
50
  var _this2 = this;
64
-
65
51
  return this.getDeferredForRequest(item).then(function (defer) {
66
52
  var timeout = item[TIMEOUT_SYMBOL];
67
- /* istanbul ignore if */
68
53
 
54
+ /* istanbul ignore if */
69
55
  if (!timeout) {
70
56
  throw new Error('timeout is required');
71
57
  }
72
-
73
58
  var timer = (0, _commonTimers.safeSetTimeout)(function () {
74
59
  _this2.logger.warn("kms: request timed out; request id: ".concat(item.requestId, "; timeout: ").concat(timeout));
75
-
76
60
  _this2.handleItemFailure(item, new _kmsErrors.KmsTimeoutError({
77
61
  timeout: timeout,
78
62
  request: item
79
63
  }));
80
- }, timeout); // Reminder: reassign `promise` is not a viable means of inserting into
81
- // the Promise chain
64
+ }, timeout);
82
65
 
66
+ // Reminder: reassign `promise` is not a viable means of inserting into
67
+ // the Promise chain
83
68
  defer.promise.then(function () {
84
69
  return clearTimeout(timer);
85
70
  });
@@ -89,7 +74,6 @@ var KmsBatcher = _webexCore.Batcher.extend({
89
74
  return item;
90
75
  });
91
76
  },
92
-
93
77
  /**
94
78
  * Attaches the final bits of cluster info to the payload
95
79
  * @param {Array} queue
@@ -105,7 +89,6 @@ var KmsBatcher = _webexCore.Batcher.extend({
105
89
  };
106
90
  });
107
91
  },
108
-
109
92
  /**
110
93
  * @param {Object} payload
111
94
  * @returns {Promise<HttpResponseObject>}
@@ -119,7 +102,6 @@ var KmsBatcher = _webexCore.Batcher.extend({
119
102
  body: payload
120
103
  });
121
104
  },
122
-
123
105
  /**
124
106
  * Does nothing; the http response doesn't carry our response data
125
107
  * @returns {Promise}
@@ -127,7 +109,6 @@ var KmsBatcher = _webexCore.Batcher.extend({
127
109
  handleHttpSuccess: function handleHttpSuccess() {
128
110
  return _promise.default.resolve();
129
111
  },
130
-
131
112
  /**
132
113
  * @param {Object} item
133
114
  * @returns {Promise<boolean>}
@@ -135,7 +116,6 @@ var KmsBatcher = _webexCore.Batcher.extend({
135
116
  didItemFail: function didItemFail(item) {
136
117
  return _promise.default.resolve(item.status >= 400);
137
118
  },
138
-
139
119
  /**
140
120
  * @param {Object} item
141
121
  * @returns {Promise}
@@ -145,7 +125,6 @@ var KmsBatcher = _webexCore.Batcher.extend({
145
125
  defer.resolve(item.body);
146
126
  });
147
127
  },
148
-
149
128
  /**
150
129
  * @param {Object} item
151
130
  * @param {KmsError} [reason]
@@ -156,7 +135,6 @@ var KmsBatcher = _webexCore.Batcher.extend({
156
135
  defer.reject(reason || new _kmsErrors.KmsError(item.body));
157
136
  });
158
137
  },
159
-
160
138
  /**
161
139
  * @param {Object} item
162
140
  * @returns {Promise}
@@ -164,7 +142,6 @@ var KmsBatcher = _webexCore.Batcher.extend({
164
142
  fingerprintRequest: function fingerprintRequest(item) {
165
143
  return _promise.default.resolve(item.requestId);
166
144
  },
167
-
168
145
  /**
169
146
  * @param {Object} item
170
147
  * @returns {Promise}
@@ -173,7 +150,6 @@ var KmsBatcher = _webexCore.Batcher.extend({
173
150
  return _promise.default.resolve(item.requestId);
174
151
  }
175
152
  });
176
-
177
153
  var _default = KmsBatcher;
178
154
  exports.default = _default;
179
155
  //# sourceMappingURL=kms-batcher.js.map
package/dist/kms-batcher.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["TIMEOUT_SYMBOL","KmsBatcher","Batcher","extend","namespace","processKmsMessageEvent","event","logger","info","all","encryption","kmsMessages","map","kmsMessage","resolve","process","env","NODE_ENV","body","acceptItem","prepareItem","item","getDeferredForRequest","then","defer","timeout","Error","timer","safeSetTimeout","warn","requestId","handleItemFailure","KmsTimeoutError","request","promise","clearTimeout","catch","prepareRequest","queue","webex","internal","kms","_getKMSCluster","cluster","destination","req","wrapped","submitHttpRequest","payload","length","method","service","resource","handleHttpSuccess","didItemFail","status","handleItemSuccess","getDeferredForResponse","reason","reject","KmsError","fingerprintRequest","fingerprintResponse"],"sources":["kms-batcher.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {Batcher} from '@webex/webex-core';\n\nimport {KmsError, KmsTimeoutError} from './kms-errors';\n\nexport const TIMEOUT_SYMBOL = Symbol('TIMEOUT_SYMBOL');\n\n/**\n * @class\n */\nconst KmsBatcher = Batcher.extend({\n namespace: 'Encryption',\n\n /**\n * Accepts a kmsMessage event and passes its contents to acceptItem\n * @param {Object} event\n * @returns {Promise}\n */\n processKmsMessageEvent(event) {\n this.logger.info('kms-batcher: received kms message');\n\n return Promise.all(event.encryption.kmsMessages.map((kmsMessage) => new Promise((resolve) => {\n /* istanbul ignore else */\n if (process.env.NODE_ENV !== 'production') {\n this.logger.info('kms-batcher:', kmsMessage.body);\n }\n\n resolve(this.acceptItem(kmsMessage));\n })));\n },\n\n /**\n * Attaches a timeout to the given KMS message\n * @param {Object} item\n * @returns {Promise<Object>}\n */\n prepareItem(item) {\n return this.getDeferredForRequest(item)\n .then((defer) => {\n const timeout = item[TIMEOUT_SYMBOL];\n\n /* istanbul ignore if */\n if (!timeout) {\n throw new Error('timeout is required');\n }\n\n const timer = safeSetTimeout(() => {\n this.logger.warn(`kms: request timed out; request id: ${item.requestId}; timeout: ${timeout}`);\n this.handleItemFailure(item, new KmsTimeoutError({\n timeout,\n request: item\n }));\n }, timeout);\n\n // Reminder: reassign `promise` is not a viable means of inserting into\n // the Promise chain\n defer.promise.then(() => clearTimeout(timer));\n defer.promise.catch(() => clearTimeout(timer));\n\n return item;\n });\n },\n\n /**\n * Attaches the final bits of cluster info to the payload\n * @param {Array} queue\n * @returns {Promise<Array>}\n */\n prepareRequest(queue) {\n return this.webex.internal.encryption.kms._getKMSCluster()\n .then((cluster) => ({\n destination: cluster,\n kmsMessages: queue.map((req) => req.wrapped)\n }));\n },\n\n /**\n * @param {Object} payload\n * @returns {Promise<HttpResponseObject>}\n */\n submitHttpRequest(payload) {\n this.logger.info('kms: batched-request-length', payload.kmsMessages.length);\n\n return this.webex.request({\n method: 'POST',\n service: 'encryption',\n resource: '/kms/messages',\n body: payload\n });\n },\n\n /**\n * Does nothing; the http response doesn't carry our response data\n * @returns {Promise}\n */\n handleHttpSuccess() {\n return Promise.resolve();\n },\n\n /**\n * @param {Object} item\n * @returns {Promise<boolean>}\n */\n didItemFail(item) {\n return Promise.resolve(item.status >= 400);\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n handleItemSuccess(item) {\n return this.getDeferredForResponse(item)\n .then((defer) => {\n defer.resolve(item.body);\n });\n },\n\n /**\n * @param {Object} item\n * @param {KmsError} [reason]\n * @returns {Promise}\n */\n handleItemFailure(item, reason) {\n return this.getDeferredForResponse(item)\n .then((defer) => {\n defer.reject(reason || new KmsError(item.body));\n });\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n fingerprintRequest(item) {\n return Promise.resolve(item.requestId);\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n fingerprintResponse(item) {\n return Promise.resolve(item.requestId);\n }\n});\n\nexport default KmsBatcher;\n"],"mappings":";;;;;;;;;;;;;;;;AAIA;;AACA;;AAEA;;AAPA;AACA;AACA;AAOO,IAAMA,cAAc,GAAG,qBAAO,gBAAP,CAAvB;AAEP;AACA;AACA;;;;AACA,IAAMC,UAAU,GAAGC,kBAAA,CAAQC,MAAR,CAAe;EAChCC,SAAS,EAAE,YADqB;;EAGhC;AACF;AACA;AACA;AACA;EACEC,sBARgC,kCAQTC,KARS,EAQF;IAAA;;IAC5B,KAAKC,MAAL,CAAYC,IAAZ,CAAiB,mCAAjB;IAEA,OAAO,iBAAQC,GAAR,CAAYH,KAAK,CAACI,UAAN,CAAiBC,WAAjB,CAA6BC,GAA7B,CAAiC,UAACC,UAAD;MAAA,OAAgB,qBAAY,UAACC,OAAD,EAAa;QAC3F;QACA,IAAIC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;UACzC,KAAI,CAACV,MAAL,CAAYC,IAAZ,CAAiB,cAAjB,EAAiCK,UAAU,CAACK,IAA5C;QACD;;QAEDJ,OAAO,CAAC,KAAI,CAACK,UAAL,CAAgBN,UAAhB,CAAD,CAAP;MACD,CAPmE,CAAhB;IAAA,CAAjC,CAAZ,CAAP;EAQD,CAnB+B;;EAqBhC;AACF;AACA;AACA;AACA;EACEO,WA1BgC,uBA0BpBC,IA1BoB,EA0Bd;IAAA;;IAChB,OAAO,KAAKC,qBAAL,CAA2BD,IAA3B,EACJE,IADI,CACC,UAACC,KAAD,EAAW;MACf,IAAMC,OAAO,GAAGJ,IAAI,CAACrB,cAAD,CAApB;MAEA;;MACA,IAAI,CAACyB,OAAL,EAAc;QACZ,MAAM,IAAIC,KAAJ,CAAU,qBAAV,CAAN;MACD;;MAED,IAAMC,KAAK,GAAG,IAAAC,4BAAA,EAAe,YAAM;QACjC,MAAI,CAACrB,MAAL,CAAYsB,IAAZ,+CAAwDR,IAAI,CAACS,SAA7D,wBAAoFL,OAApF;;QACA,MAAI,CAACM,iBAAL,CAAuBV,IAAvB,EAA6B,IAAIW,0BAAJ,CAAoB;UAC/CP,OAAO,EAAPA,OAD+C;UAE/CQ,OAAO,EAAEZ;QAFsC,CAApB,CAA7B;MAID,CANa,EAMXI,OANW,CAAd,CARe,CAgBf;MACA;;MACAD,KAAK,CAACU,OAAN,CAAcX,IAAd,CAAmB;QAAA,OAAMY,YAAY,CAACR,KAAD,CAAlB;MAAA,CAAnB;MACAH,KAAK,CAACU,OAAN,CAAcE,KAAd,CAAoB;QAAA,OAAMD,YAAY,CAACR,KAAD,CAAlB;MAAA,CAApB;MAEA,OAAON,IAAP;IACD,CAvBI,CAAP;EAwBD,CAnD+B;;EAqDhC;AACF;AACA;AACA;AACA;EACEgB,cA1DgC,0BA0DjBC,KA1DiB,EA0DV;IACpB,OAAO,KAAKC,KAAL,CAAWC,QAAX,CAAoB9B,UAApB,CAA+B+B,GAA/B,CAAmCC,cAAnC,GACJnB,IADI,CACC,UAACoB,OAAD;MAAA,OAAc;QAClBC,WAAW,EAAED,OADK;QAElBhC,WAAW,EAAE2B,KAAK,CAAC1B,GAAN,CAAU,UAACiC,GAAD;UAAA,OAASA,GAAG,CAACC,OAAb;QAAA,CAAV;MAFK,CAAd;IAAA,CADD,CAAP;EAKD,CAhE+B;;EAkEhC;AACF;AACA;AACA;EACEC,iBAtEgC,6BAsEdC,OAtEc,EAsEL;IACzB,KAAKzC,MAAL,CAAYC,IAAZ,CAAiB,6BAAjB,EAAgDwC,OAAO,CAACrC,WAAR,CAAoBsC,MAApE;IAEA,OAAO,KAAKV,KAAL,CAAWN,OAAX,CAAmB;MACxBiB,MAAM,EAAE,MADgB;MAExBC,OAAO,EAAE,YAFe;MAGxBC,QAAQ,EAAE,eAHc;MAIxBlC,IAAI,EAAE8B;IAJkB,CAAnB,CAAP;EAMD,CA/E+B;;EAiFhC;AACF;AACA;AACA;EACEK,iBArFgC,+BAqFZ;IAClB,OAAO,iBAAQvC,OAAR,EAAP;EACD,CAvF+B;;EAyFhC;AACF;AACA;AACA;EACEwC,WA7FgC,uBA6FpBjC,IA7FoB,EA6Fd;IAChB,OAAO,iBAAQP,OAAR,CAAgBO,IAAI,CAACkC,MAAL,IAAe,GAA/B,CAAP;EACD,CA/F+B;;EAiGhC;AACF;AACA;AACA;EACEC,iBArGgC,6BAqGdnC,IArGc,EAqGR;IACtB,OAAO,KAAKoC,sBAAL,CAA4BpC,IAA5B,EACJE,IADI,CACC,UAACC,KAAD,EAAW;MACfA,KAAK,CAACV,OAAN,CAAcO,IAAI,CAACH,IAAnB;IACD,CAHI,CAAP;EAID,CA1G+B;;EA4GhC;AACF;AACA;AACA;AACA;EACEa,iBAjHgC,6BAiHdV,IAjHc,EAiHRqC,MAjHQ,EAiHA;IAC9B,OAAO,KAAKD,sBAAL,CAA4BpC,IAA5B,EACJE,IADI,CACC,UAACC,KAAD,EAAW;MACfA,KAAK,CAACmC,MAAN,CAAaD,MAAM,IAAI,IAAIE,mBAAJ,CAAavC,IAAI,CAACH,IAAlB,CAAvB;IACD,CAHI,CAAP;EAID,CAtH+B;;EAwHhC;AACF;AACA;AACA;EACE2C,kBA5HgC,8BA4HbxC,IA5Ha,EA4HP;IACvB,OAAO,iBAAQP,OAAR,CAAgBO,IAAI,CAACS,SAArB,CAAP;EACD,CA9H+B;;EAgIhC;AACF;AACA;AACA;EACEgC,mBApIgC,+BAoIZzC,IApIY,EAoIN;IACxB,OAAO,iBAAQP,OAAR,CAAgBO,IAAI,CAACS,SAArB,CAAP;EACD;AAtI+B,CAAf,CAAnB;;eAyIe7B,U"}
1
+ {"version":3,"names":["TIMEOUT_SYMBOL","KmsBatcher","Batcher","extend","namespace","processKmsMessageEvent","event","logger","info","all","encryption","kmsMessages","map","kmsMessage","resolve","process","env","NODE_ENV","body","acceptItem","prepareItem","item","getDeferredForRequest","then","defer","timeout","Error","timer","safeSetTimeout","warn","requestId","handleItemFailure","KmsTimeoutError","request","promise","clearTimeout","catch","prepareRequest","queue","webex","internal","kms","_getKMSCluster","cluster","destination","req","wrapped","submitHttpRequest","payload","length","method","service","resource","handleHttpSuccess","didItemFail","status","handleItemSuccess","getDeferredForResponse","reason","reject","KmsError","fingerprintRequest","fingerprintResponse"],"sources":["kms-batcher.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {Batcher} from '@webex/webex-core';\n\nimport {KmsError, KmsTimeoutError} from './kms-errors';\n\nexport const TIMEOUT_SYMBOL = Symbol('TIMEOUT_SYMBOL');\n\n/**\n * @class\n */\nconst KmsBatcher = Batcher.extend({\n namespace: 'Encryption',\n\n /**\n * Accepts a kmsMessage event and passes its contents to acceptItem\n * @param {Object} event\n * @returns {Promise}\n */\n processKmsMessageEvent(event) {\n this.logger.info('kms-batcher: received kms message');\n\n return Promise.all(\n event.encryption.kmsMessages.map(\n (kmsMessage) =>\n new Promise((resolve) => {\n /* istanbul ignore else */\n if (process.env.NODE_ENV !== 'production') {\n this.logger.info('kms-batcher:', kmsMessage.body);\n }\n\n resolve(this.acceptItem(kmsMessage));\n })\n )\n );\n },\n\n /**\n * Attaches a timeout to the given KMS message\n * @param {Object} item\n * @returns {Promise<Object>}\n */\n prepareItem(item) {\n return this.getDeferredForRequest(item).then((defer) => {\n const timeout = item[TIMEOUT_SYMBOL];\n\n /* istanbul ignore if */\n if (!timeout) {\n throw new Error('timeout is required');\n }\n\n const timer = safeSetTimeout(() => {\n this.logger.warn(\n `kms: request timed out; request id: ${item.requestId}; timeout: ${timeout}`\n );\n this.handleItemFailure(\n item,\n new KmsTimeoutError({\n timeout,\n request: item,\n })\n );\n }, timeout);\n\n // Reminder: reassign `promise` is not a viable means of inserting into\n // the Promise chain\n defer.promise.then(() => clearTimeout(timer));\n defer.promise.catch(() => clearTimeout(timer));\n\n return item;\n });\n },\n\n /**\n * Attaches the final bits of cluster info to the payload\n * @param {Array} queue\n * @returns {Promise<Array>}\n */\n prepareRequest(queue) {\n return this.webex.internal.encryption.kms._getKMSCluster().then((cluster) => ({\n destination: cluster,\n kmsMessages: queue.map((req) => req.wrapped),\n }));\n },\n\n /**\n * @param {Object} payload\n * @returns {Promise<HttpResponseObject>}\n */\n submitHttpRequest(payload) {\n this.logger.info('kms: batched-request-length', payload.kmsMessages.length);\n\n return this.webex.request({\n method: 'POST',\n service: 'encryption',\n resource: '/kms/messages',\n body: payload,\n });\n },\n\n /**\n * Does nothing; the http response doesn't carry our response data\n * @returns {Promise}\n */\n handleHttpSuccess() {\n return Promise.resolve();\n },\n\n /**\n * @param {Object} item\n * @returns {Promise<boolean>}\n */\n didItemFail(item) {\n return Promise.resolve(item.status >= 400);\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n handleItemSuccess(item) {\n return this.getDeferredForResponse(item).then((defer) => {\n defer.resolve(item.body);\n });\n },\n\n /**\n * @param {Object} item\n * @param {KmsError} [reason]\n * @returns {Promise}\n */\n handleItemFailure(item, reason) {\n return this.getDeferredForResponse(item).then((defer) => {\n defer.reject(reason || new KmsError(item.body));\n });\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n fingerprintRequest(item) {\n return Promise.resolve(item.requestId);\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n fingerprintResponse(item) {\n return Promise.resolve(item.requestId);\n },\n});\n\nexport default KmsBatcher;\n"],"mappings":";;;;;;;;;;AAIA;AACA;AAEA;AAPA;AACA;AACA;;AAOO,IAAMA,cAAc,GAAG,qBAAO,gBAAgB,CAAC;;AAEtD;AACA;AACA;AAFA;AAGA,IAAMC,UAAU,GAAGC,kBAAO,CAACC,MAAM,CAAC;EAChCC,SAAS,EAAE,YAAY;EAEvB;AACF;AACA;AACA;AACA;EACEC,sBAAsB,kCAACC,KAAK,EAAE;IAAA;IAC5B,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,mCAAmC,CAAC;IAErD,OAAO,iBAAQC,GAAG,CAChBH,KAAK,CAACI,UAAU,CAACC,WAAW,CAACC,GAAG,CAC9B,UAACC,UAAU;MAAA,OACT,qBAAY,UAACC,OAAO,EAAK;QACvB;QACA,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,EAAE;UACzC,KAAI,CAACV,MAAM,CAACC,IAAI,CAAC,cAAc,EAAEK,UAAU,CAACK,IAAI,CAAC;QACnD;QAEAJ,OAAO,CAAC,KAAI,CAACK,UAAU,CAACN,UAAU,CAAC,CAAC;MACtC,CAAC,CAAC;IAAA,EACL,CACF;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;EACEO,WAAW,uBAACC,IAAI,EAAE;IAAA;IAChB,OAAO,IAAI,CAACC,qBAAqB,CAACD,IAAI,CAAC,CAACE,IAAI,CAAC,UAACC,KAAK,EAAK;MACtD,IAAMC,OAAO,GAAGJ,IAAI,CAACrB,cAAc,CAAC;;MAEpC;MACA,IAAI,CAACyB,OAAO,EAAE;QACZ,MAAM,IAAIC,KAAK,CAAC,qBAAqB,CAAC;MACxC;MAEA,IAAMC,KAAK,GAAG,IAAAC,4BAAc,EAAC,YAAM;QACjC,MAAI,CAACrB,MAAM,CAACsB,IAAI,+CACyBR,IAAI,CAACS,SAAS,wBAAcL,OAAO,EAC3E;QACD,MAAI,CAACM,iBAAiB,CACpBV,IAAI,EACJ,IAAIW,0BAAe,CAAC;UAClBP,OAAO,EAAPA,OAAO;UACPQ,OAAO,EAAEZ;QACX,CAAC,CAAC,CACH;MACH,CAAC,EAAEI,OAAO,CAAC;;MAEX;MACA;MACAD,KAAK,CAACU,OAAO,CAACX,IAAI,CAAC;QAAA,OAAMY,YAAY,CAACR,KAAK,CAAC;MAAA,EAAC;MAC7CH,KAAK,CAACU,OAAO,CAACE,KAAK,CAAC;QAAA,OAAMD,YAAY,CAACR,KAAK,CAAC;MAAA,EAAC;MAE9C,OAAON,IAAI;IACb,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;EACEgB,cAAc,0BAACC,KAAK,EAAE;IACpB,OAAO,IAAI,CAACC,KAAK,CAACC,QAAQ,CAAC9B,UAAU,CAAC+B,GAAG,CAACC,cAAc,EAAE,CAACnB,IAAI,CAAC,UAACoB,OAAO;MAAA,OAAM;QAC5EC,WAAW,EAAED,OAAO;QACpBhC,WAAW,EAAE2B,KAAK,CAAC1B,GAAG,CAAC,UAACiC,GAAG;UAAA,OAAKA,GAAG,CAACC,OAAO;QAAA;MAC7C,CAAC;IAAA,CAAC,CAAC;EACL,CAAC;EAED;AACF;AACA;AACA;EACEC,iBAAiB,6BAACC,OAAO,EAAE;IACzB,IAAI,CAACzC,MAAM,CAACC,IAAI,CAAC,6BAA6B,EAAEwC,OAAO,CAACrC,WAAW,CAACsC,MAAM,CAAC;IAE3E,OAAO,IAAI,CAACV,KAAK,CAACN,OAAO,CAAC;MACxBiB,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE,YAAY;MACrBC,QAAQ,EAAE,eAAe;MACzBlC,IAAI,EAAE8B;IACR,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;EACEK,iBAAiB,+BAAG;IAClB,OAAO,iBAAQvC,OAAO,EAAE;EAC1B,CAAC;EAED;AACF;AACA;AACA;EACEwC,WAAW,uBAACjC,IAAI,EAAE;IAChB,OAAO,iBAAQP,OAAO,CAACO,IAAI,CAACkC,MAAM,IAAI,GAAG,CAAC;EAC5C,CAAC;EAED;AACF;AACA;AACA;EACEC,iBAAiB,6BAACnC,IAAI,EAAE;IACtB,OAAO,IAAI,CAACoC,sBAAsB,CAACpC,IAAI,CAAC,CAACE,IAAI,CAAC,UAACC,KAAK,EAAK;MACvDA,KAAK,CAACV,OAAO,CAACO,IAAI,CAACH,IAAI,CAAC;IAC1B,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;EACEa,iBAAiB,6BAACV,IAAI,EAAEqC,MAAM,EAAE;IAC9B,OAAO,IAAI,CAACD,sBAAsB,CAACpC,IAAI,CAAC,CAACE,IAAI,CAAC,UAACC,KAAK,EAAK;MACvDA,KAAK,CAACmC,MAAM,CAACD,MAAM,IAAI,IAAIE,mBAAQ,CAACvC,IAAI,CAACH,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;EACE2C,kBAAkB,8BAACxC,IAAI,EAAE;IACvB,OAAO,iBAAQP,OAAO,CAACO,IAAI,CAACS,SAAS,CAAC;EACxC,CAAC;EAED;AACF;AACA;AACA;EACEgC,mBAAmB,+BAACzC,IAAI,EAAE;IACxB,OAAO,iBAAQP,OAAO,CAACO,IAAI,CAACS,SAAS,CAAC;EACxC;AACF,CAAC,CAAC;AAAC,eAEY7B,UAAU;AAAA"}
package/dist/kms-certificate-validation.js CHANGED
@@ -1,67 +1,37 @@
1
1
  "use strict";
2
2
 
3
3
  var _Reflect$construct = require("@babel/runtime-corejs2/core-js/reflect/construct");
4
-
5
4
  var _Array$from = require("@babel/runtime-corejs2/core-js/array/from");
6
-
7
5
  var _Symbol = require("@babel/runtime-corejs2/core-js/symbol");
8
-
9
6
  var _Symbol$iterator = require("@babel/runtime-corejs2/core-js/symbol/iterator");
10
-
11
7
  var _Array$isArray = require("@babel/runtime-corejs2/core-js/array/is-array");
12
-
13
8
  var _Object$defineProperty = require("@babel/runtime-corejs2/core-js/object/define-property");
14
-
15
9
  var _interopRequireDefault = require("@babel/runtime-corejs2/helpers/interopRequireDefault");
16
-
17
10
  _Object$defineProperty(exports, "__esModule", {
18
11
  value: true
19
12
  });
20
-
21
13
  exports.default = exports.KMSError = void 0;
22
-
23
14
  var _promise = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/promise"));
24
-
25
15
  var _slicedToArray2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/slicedToArray"));
26
-
27
16
  var _createClass2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/createClass"));
28
-
29
17
  var _classCallCheck2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/classCallCheck"));
30
-
31
18
  var _inherits2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/inherits"));
32
-
33
19
  var _possibleConstructorReturn2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/possibleConstructorReturn"));
34
-
35
20
  var _getPrototypeOf2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/getPrototypeOf"));
36
-
37
21
  var _wrapNativeSuper2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/wrapNativeSuper"));
38
-
39
22
  var _isArray2 = _interopRequireDefault(require("lodash/isArray"));
40
-
41
23
  var _url = require("url");
42
-
43
24
  var _validUrl = require("valid-url");
44
-
45
25
  var _asn1js = require("asn1js");
46
-
47
26
  var _pkijs = require("pkijs");
48
-
49
27
  var _nodeJose = _interopRequireDefault(require("node-jose"));
50
-
51
28
  var _isomorphicWebcrypto = _interopRequireDefault(require("isomorphic-webcrypto"));
52
-
53
29
  var _safeBuffer = require("safe-buffer");
54
-
55
30
  function _createForOfIteratorHelper(o, allowArrayLike) { var it = typeof _Symbol !== "undefined" && o[_Symbol$iterator] || o["@@iterator"]; if (!it) { if (_Array$isArray(o) || (it = _unsupportedIterableToArray(o)) || allowArrayLike && o && typeof o.length === "number") { if (it) o = it; var i = 0; var F = function F() {}; return { s: F, n: function n() { if (i >= o.length) return { done: true }; return { done: false, value: o[i++] }; }, e: function e(_e) { throw _e; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var normalCompletion = true, didErr = false, err; return { s: function s() { it = it.call(o); }, n: function n() { var step = it.next(); normalCompletion = step.done; return step; }, e: function e(_e2) { didErr = true; err = _e2; }, f: function f() { try { if (!normalCompletion && it.return != null) it.return(); } finally { if (didErr) throw err; } } }; }
56
-
57
31
  function _unsupportedIterableToArray(o, minLen) { if (!o) return; if (typeof o === "string") return _arrayLikeToArray(o, minLen); var n = Object.prototype.toString.call(o).slice(8, -1); if (n === "Object" && o.constructor) n = o.constructor.name; if (n === "Map" || n === "Set") return _Array$from(o); if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _arrayLikeToArray(o, minLen); }
58
-
59
- function _arrayLikeToArray(arr, len) { if (len == null || len > arr.length) len = arr.length; for (var i = 0, arr2 = new Array(len); i < len; i++) { arr2[i] = arr[i]; } return arr2; }
60
-
32
+ function _arrayLikeToArray(arr, len) { if (len == null || len > arr.length) len = arr.length; for (var i = 0, arr2 = new Array(len); i < len; i++) arr2[i] = arr[i]; return arr2; }
61
33
  function _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = (0, _getPrototypeOf2.default)(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = (0, _getPrototypeOf2.default)(this).constructor; result = _Reflect$construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return (0, _possibleConstructorReturn2.default)(this, result); }; }
62
-
63
34
  function _isNativeReflectConstruct() { if (typeof Reflect === "undefined" || !_Reflect$construct) return false; if (_Reflect$construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(_Reflect$construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
64
-
65
35
  (0, _pkijs.setEngine)('newEngine', _isomorphicWebcrypto.default, new _pkijs.CryptoEngine({
66
36
  name: '',
67
37
  crypto: _isomorphicWebcrypto.default,
@@ -71,57 +41,49 @@ var VALID_KTY = 'RSA';
71
41
  var VALID_KID_PROTOCOL = 'kms:';
72
42
  var X509_COMMON_NAME_KEY = '2.5.4.3';
73
43
  var X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';
44
+
74
45
  /**
75
46
  * Customize Error so the SDK knows to quit retrying and notify
76
47
  * the user
77
48
  */
78
-
79
49
  var KMSError = /*#__PURE__*/function (_Error) {
80
50
  (0, _inherits2.default)(KMSError, _Error);
81
-
82
51
  var _super = _createSuper(KMSError);
83
-
84
52
  /**
85
53
  * add kmsError field to notify
86
54
  * @param {string} message
87
55
  */
88
56
  function KMSError(message) {
89
57
  var _this;
90
-
91
58
  (0, _classCallCheck2.default)(this, KMSError);
92
59
  _this = _super.call(this, message);
93
60
  _this.kmsError = true;
94
61
  return _this;
95
62
  }
96
-
97
63
  return (0, _createClass2.default)(KMSError);
98
64
  }( /*#__PURE__*/(0, _wrapNativeSuper2.default)(Error));
99
-
100
65
  exports.KMSError = KMSError;
101
-
102
66
  var throwError = function throwError(err) {
103
67
  throw new KMSError("INVALID KMS: ".concat(err));
104
68
  };
69
+
105
70
  /**
106
71
  * Converts the PEM string to a pkijs certificate object
107
72
  * @param {string} pem PEM representation of a certificate
108
73
  * @returns {Certificate} pkijs object of the certificate
109
74
  */
110
-
111
-
112
75
  var decodeCert = function decodeCert(pem) {
113
76
  if (typeof pem !== 'string') {
114
77
  throwError('certificate needs to be a string');
115
78
  }
116
-
117
79
  var der = _safeBuffer.Buffer.from(pem, 'base64');
118
-
119
80
  var ber = new Uint8Array(der).buffer;
120
81
  var asn1 = (0, _asn1js.fromBER)(ber);
121
82
  return new _pkijs.Certificate({
122
83
  schema: asn1.result
123
84
  });
124
85
  };
86
+
125
87
  /**
126
88
  * Validate the 'kty' property of the KMS credentials
127
89
  * @param {Object} JWT KMS credentials
@@ -129,27 +91,22 @@ var decodeCert = function decodeCert(pem) {
129
91
  * @throws {KMSError} if kty is not a valid type
130
92
  * @returns {void}
131
93
  */
132
-
133
-
134
94
  var validateKtyHeader = function validateKtyHeader(_ref) {
135
95
  var kty = _ref.kty;
136
-
137
96
  if (kty !== VALID_KTY) {
138
97
  throwError("'kty' header must be '".concat(VALID_KTY, "'"));
139
98
  }
140
99
  };
141
-
142
100
  var validateKidHeader = function validateKidHeader(_ref2) {
143
101
  var kid = _ref2.kid;
144
-
145
102
  if (!(0, _validUrl.isUri)(kid)) {
146
- throwError('\'kid\' is not a valid URI');
103
+ throwError("'kid' is not a valid URI");
147
104
  }
148
-
149
105
  if ((0, _url.parse)(kid).protocol !== VALID_KID_PROTOCOL) {
150
106
  throwError("'kid' protocol must be '".concat(VALID_KID_PROTOCOL, "'"));
151
107
  }
152
108
  };
109
+
153
110
  /**
154
111
  * Checks the first certificate matches the 'kid' in the JWT.
155
112
  * It first checks the Subject Alternative Name then it checks
@@ -160,37 +117,28 @@ var validateKidHeader = function validateKidHeader(_ref2) {
160
117
  * @throws {KMSError} if unable to validate certificate against KMS credentials
161
118
  * @returns {void}
162
119
  */
163
-
164
-
165
120
  var validateCommonName = function validateCommonName(_ref3, _ref4) {
166
121
  var _ref5 = (0, _slicedToArray2.default)(_ref3, 1),
167
- certificate = _ref5[0];
168
-
122
+ certificate = _ref5[0];
169
123
  var kid = _ref4.kid;
170
124
  var kidHostname = (0, _url.parse)(kid).hostname;
171
125
  var validationSuccessful = false;
172
-
173
126
  if (certificate.extensions) {
174
127
  // Subject Alt Names are in here
175
128
  var _iterator = _createForOfIteratorHelper(certificate.extensions),
176
- _step;
177
-
129
+ _step;
178
130
  try {
179
131
  for (_iterator.s(); !(_step = _iterator.n()).done;) {
180
132
  var extension = _step.value;
181
-
182
133
  if (extension.extnID === X509_SUBJECT_ALT_NAME_KEY) {
183
134
  var altNames = extension.parsedValue.altNames;
184
-
185
135
  var _iterator2 = _createForOfIteratorHelper(altNames),
186
- _step2;
187
-
136
+ _step2;
188
137
  try {
189
138
  for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
190
139
  var entry = _step2.value;
191
140
  var san = entry.value;
192
141
  validationSuccessful = san === kidHostname;
193
-
194
142
  if (validationSuccessful) {
195
143
  break;
196
144
  }
@@ -200,7 +148,6 @@ var validateCommonName = function validateCommonName(_ref3, _ref4) {
200
148
  } finally {
201
149
  _iterator2.f();
202
150
  }
203
-
204
151
  if (validationSuccessful) {
205
152
  break;
206
153
  }
@@ -212,22 +159,17 @@ var validateCommonName = function validateCommonName(_ref3, _ref4) {
212
159
  _iterator.f();
213
160
  }
214
161
  }
215
-
216
162
  if (!validationSuccessful) {
217
163
  // Didn't match kid in the Subject Alt Names, checking the Common Name
218
164
  var subjectAttributes = certificate.subject.typesAndValues;
219
-
220
165
  var _iterator3 = _createForOfIteratorHelper(subjectAttributes),
221
- _step3;
222
-
166
+ _step3;
223
167
  try {
224
168
  for (_iterator3.s(); !(_step3 = _iterator3.n()).done;) {
225
169
  var attribute = _step3.value;
226
-
227
170
  if (attribute.type === X509_COMMON_NAME_KEY) {
228
171
  var commonName = attribute.value.valueBlock.value;
229
172
  validationSuccessful = commonName === kidHostname;
230
-
231
173
  if (validationSuccessful) {
232
174
  break;
233
175
  }
@@ -239,11 +181,11 @@ var validateCommonName = function validateCommonName(_ref3, _ref4) {
239
181
  _iterator3.f();
240
182
  }
241
183
  }
242
-
243
184
  if (!validationSuccessful) {
244
- throwError('hostname of the 1st certificate does not match \'kid\'');
185
+ throwError("hostname of the 1st certificate does not match 'kid'");
245
186
  }
246
187
  };
188
+
247
189
  /**
248
190
  * Validate the first KMS certificate against the information
249
191
  * provided in the JWT
@@ -254,14 +196,11 @@ var validateCommonName = function validateCommonName(_ref3, _ref4) {
254
196
  * @throws {KMSError} if e or n doesn't match the first certificate
255
197
  * @returns {void}
256
198
  */
257
-
258
-
259
199
  var validatePublicCertificate = function validatePublicCertificate(_ref6, _ref7) {
260
200
  var _ref8 = (0, _slicedToArray2.default)(_ref6, 1),
261
- certificate = _ref8[0];
262
-
201
+ certificate = _ref8[0];
263
202
  var publicExponent = _ref7.e,
264
- modulus = _ref7.n;
203
+ modulus = _ref7.n;
265
204
  var encode = _nodeJose.default.util.base64url.encode;
266
205
  var publicKey = certificate.subjectPublicKeyInfo.subjectPublicKey;
267
206
  var asn1PublicCert = (0, _asn1js.fromBER)(publicKey.valueBlock.valueHex);
@@ -270,15 +209,14 @@ var validatePublicCertificate = function validatePublicCertificate(_ref6, _ref7)
270
209
  });
271
210
  var publicExponentHex = publicCert.publicExponent.valueBlock.valueHex;
272
211
  var modulusHex = publicCert.modulus.valueBlock.valueHex;
273
-
274
212
  if (publicExponent !== encode(publicExponentHex)) {
275
213
  throwError('Public exponent is invalid');
276
214
  }
277
-
278
215
  if (modulus !== encode(modulusHex)) {
279
216
  throwError('Modulus is invalid');
280
217
  }
281
218
  };
219
+
282
220
  /**
283
221
  * Validates the list of certificates against the CAs provided
284
222
  * @param {certificate[]} certificates list of certificates provided
@@ -287,8 +225,6 @@ var validatePublicCertificate = function validatePublicCertificate(_ref6, _ref7)
287
225
  * validate the KMS's certificates
288
226
  * @returns {Promise} rejects if unable to validate the certificates
289
227
  */
290
-
291
-
292
228
  var validateCertificatesSignature = function validateCertificatesSignature(certificates) {
293
229
  var caroots = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : [];
294
230
  var certificateEngine = new _pkijs.CertificateChainValidationEngine({
@@ -297,14 +233,14 @@ var validateCertificatesSignature = function validateCertificatesSignature(certi
297
233
  });
298
234
  return certificateEngine.verify().then(function (_ref9) {
299
235
  var result = _ref9.result,
300
- resultCode = _ref9.resultCode,
301
- resultMessage = _ref9.resultMessage;
302
-
236
+ resultCode = _ref9.resultCode,
237
+ resultMessage = _ref9.resultMessage;
303
238
  if (!result) {
304
239
  throwError("Certificate Validation failed [".concat(resultCode, "]: ").concat(resultMessage));
305
240
  }
306
241
  });
307
242
  };
243
+
308
244
  /**
309
245
  * Validates the information provided by the KMS. This is a curried function.
310
246
  * The first function takes the caroots param and returns a second function.
@@ -315,23 +251,20 @@ var validateCertificatesSignature = function validateCertificatesSignature(certi
315
251
  * validate the KMS
316
252
  * @returns {Promise} when resolved will return the jwt
317
253
  */
318
-
319
-
320
254
  var validateKMS = function validateKMS(caroots) {
321
255
  return function () {
322
256
  var jwt = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
323
257
  return _promise.default.resolve().then(function () {
324
258
  validateKtyHeader(jwt);
325
259
  validateKidHeader(jwt);
326
-
327
260
  if (!((0, _isArray2.default)(jwt.x5c) && jwt.x5c.length > 0)) {
328
261
  throwError('JWK does not contain a list of certificates');
329
262
  }
330
-
331
263
  var certificates = jwt.x5c.map(decodeCert);
332
264
  validateCommonName(certificates, jwt);
333
- validatePublicCertificate(certificates, jwt); // Skip validating signatures if no CA roots were provided
265
+ validatePublicCertificate(certificates, jwt);
334
266
 
267
+ // Skip validating signatures if no CA roots were provided
335
268
  var promise = caroots ? validateCertificatesSignature(certificates, caroots) : _promise.default.resolve();
336
269
  return promise.then(function () {
337
270
  return jwt;
@@ -339,7 +272,6 @@ var validateKMS = function validateKMS(caroots) {
339
272
  });
340
273
  };
341
274
  };
342
-
343
275
  var _default = validateKMS;
344
276
  exports.default = _default;
345
277
  //# sourceMappingURL=kms-certificate-validation.js.map